md5 hashing

Scott Penrose scottp at dd.com.au
Thu Jan 31 00:29:36 CST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Thursday, January 31, 2002, at 06:09 , Andrew Gray wrote:

> What I want to do, is remotely control some of the functions on a 
> server. To
> this end, I can do it using sockets and loading a client program and 
> that
> all works OK, but I think to be secure I need to encrypt the message I 
> am
> passing between the servers (call me paranoid, but I dont really trust
> telstra's network that much ....)
>
>> From how I understand it, MD5 encryption lets you hash a message with a
> given key, and then using the same key, unencrypt the message at the 
> other
> end. Is this right? or is it a one way encryption like crypt()?
>
> Having read the synopsis from www.cpan.org I can see how to hash the 
> message
> given a key string, but nowhere can I see how to unencrypt at the other 
> end
> of the transmission.
>
> OR are there any other two way encryption modules around that I could 
> use
> simply.

Personally I prefer to do it using SSL, that way the encoding is 
standard and well understood.

However that can be a lot of work, so in some cases what I have done is 
to use SSH port forwarding.

So what you do is on your client side (where your perl script runs) 
connect (sockets) to localhost, some port number you choose.
SSH mean time has been setup (using RSA keys etc) by the system admin - 
separately controlled from your perl code.
on connecting to localhost:someport it forward it to 
remotehost:localport.

You also need to make sure that your server is setup with the daemon 
(the server script) so that it only accepts connections from localhost 
(bind to localhost only) - and I also recommend restricting that port 
even more with ip tables.

Why this approach.

1. My perl code does not have to know anything about security or 
encrypting
2. I can test the code without any encryption.
3. I am not going to make a crypto mistake - SSH is well proven 
technology and checked for security holes all the time.
4. When updates to how security is done are made you don't have to 
update your then legacy perl code.

One point though - this does not protect your server or client machine 
from prying eyes. However having encryption end to end does not really 
solve that either because you are going to have the streams unencrypted 
in memory anyway.
Scott
- ---
Scott Penrose
Open source and Linux Developer
http://linux.dd.com.au/
scottp at dd.com.au
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE8WORUDCFCcmAm26YRAvxVAKCbl+SV2WfLS73krw1lZpDQKCetjQCeMDJA
F9eM54KdCZpeuaas9EkvSog=
=OfaC
-----END PGP SIGNATURE-----




More information about the Melbourne-pm mailing list